feature(core): Add additional CDK logging (#698)

supergillis · web-flow · commit dfe024398b4a · 2021-04-21T08:59:55.000-04:00
* Added additional log statements

* Enable CDK debugging and log stack template

* Enable CDK_DEBUG with state machine input

* Make state machine work without "verbose" setting

* Fix unit test
diff --git a/src/core/cdk/src/initial-setup.ts b/src/core/cdk/src/initial-setup.ts
@@ -660,6 +660,7 @@ export namespace InitialSetup {
           BOOTSTRAP_STACK_NAME: bootStrapStackName,
           'SCOPE.$': '$.scope',
           'MODE.$': '$.mode',
+          'CDK_DEBUG.$': '$.verbose',
         };
 
         const deployTask = new tasks.StepFunctionsStartExecution(this, `Deploy Phase ${phase}`, {
diff --git a/src/core/runtime/src/load-accounts-step.ts b/src/core/runtime/src/load-accounts-step.ts
@@ -10,6 +10,7 @@ import { loadAccounts } from './utils/load-accounts';
 export interface SMInput {
   scope?: 'FULL' | 'NEW-ACCOUNTS' | 'GLOBAL-OPTIONS' | 'ACCOUNT' | 'OU';
   mode?: 'APPLY';
+  verbose?: string | number;
   targetOus?: string[];
   targetAccounts?: string[];
 }
@@ -27,6 +28,7 @@ export interface LoadAccountsOutput {
   regions: string[];
   scope: 'FULL' | 'NEW-ACCOUNTS' | 'GLOBAL-OPTIONS' | 'ACCOUNT' | 'OU';
   mode: 'APPLY';
+  verbose: string | '1' | '0';
 }
 
 const dynamoDB = new DynamoDB();
@@ -47,7 +49,7 @@ export const handler = async (input: LoadAccountsInput): Promise<LoadAccountsOut
     smInput,
   } = input;
 
-  const { targetAccounts, targetOus, mode, scope } = smInput;
+  const { targetAccounts, targetOus, mode, scope, verbose } = smInput;
 
   // Retrieve Configuration from Code Commit with specific commitId
   const config = await loadAcceleratorConfig({
@@ -183,5 +185,6 @@ export const handler = async (input: LoadAccountsInput): Promise<LoadAccountsOut
     accounts: accountIds,
     scope: scope || 'NEW-ACCOUNTS',
     mode: mode || 'APPLY',
+    verbose: verbose ? `${verbose}` : '0',
   };
 };
diff --git a/src/deployments/cdk/src/deployments/config/create.ts b/src/deployments/cdk/src/deployments/config/create.ts
@@ -71,17 +71,19 @@ export async function createRule(props: CreateRuleProps) {
     }
     const ouAwsConfigRuleConfigs = ouConfig['aws-config'];
     for (const [accountKey, accountConfig] of config.getAccountConfigsForOu(ouKey)) {
+      console.warn(`Creating config rules in account ${accountKey}`);
       const awsAccountConfigRuleConfig = accountConfig['aws-config'];
       for (const awsConfigRuleConfig of ouAwsConfigRuleConfigs) {
         for (const ruleName of awsConfigRuleConfig.rules) {
-          console.log(
-            `Deploying ${ruleName} in Account ${accountKey} and in regions excluding ${awsConfigRuleConfig['excl-regions']}`,
-          );
+          console.log(`Creating config rule ${ruleName}`);
           const awsConfigRule = configRules.find(cr => cr.name === ruleName);
           if (!awsConfigRule) {
-            console.warn(`Config Rule ${ruleName} is not found in Accelerator Configuration global-options`);
+            console.warn(`Config rule ${ruleName} is not found in Accelerator Configuration global-options`);
             continue;
           }
+          console.debug(`Config rule configuration`);
+          console.debug(JSON.stringify(awsConfigRule, null, 2));
+
           const remediation =
             awsConfigRule.remediation === undefined ? configRuleDefaults.remediation : awsConfigRule.remediation;
           const remediationAttempts =
@@ -91,13 +93,16 @@ export async function createRule(props: CreateRuleProps) {
           const remediationConcurrency =
             awsConfigRule['remediation-concurrency'] || configRuleDefaults['remediation-concurrency'];
           for (const region of config['global-options']['supported-regions']) {
+            console.warn(`Creating config rule ${ruleName} in region ${region}`);
             if (awsConfigRuleConfig['excl-regions'].includes(region)) {
+              console.warn(`Skipping creation in excluded region ${region}`);
               continue;
             }
             const isRuleIgnored = awsAccountConfigRuleConfig.find(
               ac => ac['excl-rules'].includes(ruleName) && ac.regions.includes(region),
             );
             if (isRuleIgnored) {
+              console.warn(`Skipping creation as config rule is excluded for region ${region}`);
               continue;
             }
             const accountStack = accountStacks.tryGetOrCreateAccountStack(accountKey, region);
@@ -118,13 +123,15 @@ export async function createRule(props: CreateRuleProps) {
             });
             let configRule;
             if (awsConfigRule.type === 'managed') {
+              console.warn(`Creating rule as managed rule`);
               configRule = new awsConfig.ManagedRule(accountStack, `ConfigRule-${ruleName}`, {
                 identifier: ruleName,
                 configRuleName,
                 description: configRuleName,
                 inputParameters: configParams,
               });
             } else {
+              console.warn(`Creating rule as custom resource`);
               if (!configRuleArtifact) {
                 console.error('ConfigRuleArtifact is not found to create Custom ConfigRule');
                 continue;
diff --git a/src/deployments/cdk/toolkit.ts b/src/deployments/cdk/toolkit.ts
@@ -9,6 +9,7 @@ import { Configuration, Command } from 'aws-cdk/lib/settings';
 import { SdkProvider } from 'aws-cdk/lib/api/aws-auth';
 import { CloudFormationDeployments } from 'aws-cdk/lib/api/cloudformation-deployments';
 import { PluginHost } from 'aws-cdk/lib/plugin';
+import { debugModeEnabled } from '@aws-cdk/core/lib/debug';
 import { AssumeProfilePlugin } from '@aws-accelerator/cdk-plugin-assume-role/src/assume-role-plugin';
 import { fulfillAll } from './promise';
 
@@ -160,8 +161,13 @@ export class CdkToolkit {
   }
 
   async deployStack(stack: CloudFormationStackArtifact): Promise<StackOutput[]> {
+    console.log(`Deploying stack ${stack.displayName}`);
+    if (debugModeEnabled()) {
+      console.debug(JSON.stringify(stack.template, null, 2));
+    }
+
     const stackExists = await this.cloudFormation.stackExists({ stack });
-    console.log(`Is ${stack.displayName} stack exists`, stackExists);
+    console.log(`Stack ${stack.displayName} exists`, stackExists);
 
     const resources = Object.keys(stack.template.Resources || {});
     if (resources.length === 0) {
@@ -174,6 +180,10 @@ export class CdkToolkit {
     } else if (stackExists) {
       const sdk = await this.props.sdkProvider.forEnvironment(stack.environment, Mode.ForWriting);
       const cfn = sdk.cloudFormation();
+      if (debugModeEnabled()) {
+        cfn.config.logger = console;
+      }
+
       console.log(`Calling describeStacks API for ${stack.displayName} stack`);
       const existingStack = await cfn
         .describeStacks({
diff --git a/src/installer/cdk/assets/start-execution.js b/src/installer/cdk/assets/start-execution.js
@@ -20,7 +20,8 @@ exports.handler = async function (event, context) {
     const smInput = {
       scope: 'FULL',
       mode: 'APPLY',
-    }
+      verbose: '0',
+    };
 
     await sfn
       .startExecution({
diff --git a/src/installer/cdk/test/start-execution.spec.ts b/src/installer/cdk/test/start-execution.spec.ts
@@ -38,7 +38,7 @@ test('the State Machine execution should be started', async () => {
   await handler(event);
 
   expect(startExecution).toBeCalledWith({
-    input: '{"scope":"FULL","mode":"APPLY"}',
+    input: '{"scope":"FULL","mode":"APPLY","verbose":"0"}',
     stateMachineArn: 'arn:state-machine',
   });
   expect(putJobSuccessResult).toBeCalledWith({
